Jul 13 05 03:41p SVIPG 408 971 4660 p. 13



-10- 

REMARKS 

The Examiner has provisionally rejected Claims 1-9, 11-34 and 36-43 under the 
judicially created doctrine of obviousness-type double patenting as being unpatentable over 
Claims 1-10, 12-30 and 32-40 of U.S. Patent Application No. 09/935,634. Applicant has 
submitted herewith a terminal disclaimer in order to overcome such rejection. 

The Examiner has rejected Claims 1-2, 4-9, 11-21, 23-34, 36-37 and 39-43 under 35 
U.S.C. 102(e) as being anticipated by Maloney et al. (U.S. Patent No. 6,549,208). Applicant 
respectfully disagrees with such rejection. 

With respect to independent Claims 1, 4, 6, 31, 33 and 40, the Examiner has relied, at 
least in part, on the following excerpt from Maloney to meet applicant's claimed "converting the 
electronic file from a first file format to a second file format that is different from the first file 
format and that prevents the computer virus in the electronic file from executing when the 
converted electronic file is opened by the intended recipient" (see this or similar, but not 
identical language in each of the foregoing claims). 



"Data in the knowledge base 16 is made available to a data parsing tool 
18 that converts the captured network data from the discovery tool 12 
to a form useable by downstream programs of the system. Data accessed 
by the parsing tool 18 is then available to analytical engine 20 for 
analyzing the data captured by the discovery tool 12 and supports the 
merging of several data files and the development and comparison of 
network usage patterns." (see col. 4, lines 39-42) (emphasis added) 

"In operation, the session recorder tool 92 reassembles connection- 
oriented flows, or sessions. These layer-4 (e.g., TCP) and above 
sessions consist of multiple packets, to be reassembled and parsed to 
expose application-level information. Packet and cell reconstruction 
techniques provide the user with state information (for example, call 
progress and session monitoring), as well as application layer 
information (for example, e-mail addresses). Utilizing session search 
techniques within the session recorder tool 92, combined with alert 
processing, capabilities (such as seeing when a certain user gets 
e-mail) can be flexibly constructed. In one implementation of a session 
recorder tool 92 there is provided viewing of the following sessions: 
HTTP, POP3, TELNET, FTP, SMTP, NNTP, and IMAP. During operation of the 
session recorder tool 92 data can be added to the knowledge base 16 as 
the tool detects, processes and scans sessions for various pieces of 
information. 

The query consult tool 94 provides a text-based interface to the 
knowledge base 16. By utilization of the query consult tool 94 a user 
is able to determine if the knowledge base 16 contains an object (for 
example, individual IP address) or determine the set of objects 
belonging to a class of the knowledge base 16 (for example, [illegible]). 
In one implementation of the query consult tool 94 the knowledge base 
16 was queried for top level class names, objects belonging to a given 
class specific class objects." (Col. 9, lines 27-53) (emphasis added) 



Applicant respectfully disagrees with this assertion. In particular, Maloney simply 
discloses that "[d]ata in the knowledge base 16 is made available to a data parsing tool 18 that 
converts the captured network data from the discovery tool to a form usable by downstream 
programs. . ." (see emphasized portion of excerpt above). In addition, it is noted that "the 
discovery tool 12 collects traffic and usage data and maps the network connectivity" (see Col. 
4, lines 28-29) (emphasis added). Examples of such collected data are also disclosed in Maloney 
including "Address, Host, LM-Host, Domain, LM-Domain, SubNet, IP-Address..." (see Col. 4, 
lines 32-38). 



Therefore, Maloney teaches converting captured network data that includes traffic and 
usage data in order for the data to be usable by other downstream programs, and not "converting 
the electronic file from a first file format to a second format that is different from the first file 
format and that prevents the computer virus in the electronic file from executing when the 
converted electronic file is opened by the intended recipient" (emphasis added), as claimed by 
applicant. Furthermore, Maloney's teaching of querying for class object and classes (as cited 
above) does not in any way relate to "converting. . .that prevents a computer virus from 
executing," as claimed by applicant. Simply nowhere in Maloney is there any suggestion of 
converting a file format to "[prevent] a computer virus from executing when the converted 
electronic file is opened by the intended recipient." 



In addition, the Examiner has relied, at least in part, on the following excerpts from 
Maloney to meet applicant's claimed "converting of the electronic file being in response to a 
determination that the electronic file represents the potential risk to the computer system." 

"..locate the existence of backdoors, reduce bandwidth usage, develop 
profiles of users, and pinpoint illicit activity." (Col. 2, lines 2-3) 

"...determination of potential choke points and vulnerabilities..." (Col. 
6, line 33) 

"Following parsing of the knowledge base 16 the analytical engine 20 
responds to the data for preparation and converting into vector-based 
nodal diagrams. Typically the analytical engine 20 creates associations 
between a number of different charts to determine if such data charts 
correlate or differentiate." (Col. 6, line 66-Col. 7, line 4) 

Applicant respectfully asserts that Maloney's teaching of converting the knowledge base 
data into vector-based nodal diagrams in no way relates to "converting. . .the electronic file. . .in 
response to a determination that the electronic file represents the potential risk to the computer 
system," as claimed by applicant. Specifically, Maloney's converting relates to converting 
traffic and network usage data into a usable form for other programs, as cited above, and not to 
electronic files in response to potential security risks. Therefore, Maloney fails to even suggest 
"converting [the] electronic file in response to a determination that the electronic file represents 
the potential risk to the computer system" (emphasis added), as claimed. 

The Examiner is reminded that a claim is anticipated only if each and every element as 
set forth in the claim is found, either expressly or inherently described in a single prior art 
reference. Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 
1053 (Fed. Cir. 1987). Moreover, the identical invention must be shown in as complete detail as 
contained in the claim. Richardson v. Suzuki Motor Co., 868 F.2d 1226, 1236, 9 USPQ2d 1913, 
1920 (Fed. Cir. 1989). The elements must be arranged as required by the claim. 

This criterion has simply not been met by the Maloney reference, for the reasons noted 
above. In addition, applicant respectfully asserts that the Maloney reference is further deficient 
with respect to the dependent claims. 

For example, with respect to dependent Claim 12, the Examiner has relied on the 
following excerpt in Maloney to make a prior art showing of applicant's claimed "determining 
whether the certain electronic file represents the potential risk comprising: conducting a heuristic 
scan of the certain electronic file." 

"...provided viewing of the following sessions: HTTP, POP3, TELNET, FTP, 
SMTP, NNTP, and IMAP. During operation of the session recorder tool 92 
data can be added to the knowledge base 16 as the tool detects, 
processes and scans sessions for various pieces of information." (Col. 
9, lines 39-44) 

Applicant respectfully asserts that the above excerpt fails to even suggest "conducting a 
heuristic scan of the certain electronic file," as claimed by applicant. Maloney merely discloses 
detecting, processing and scanning sessions (HTTP, POP3, etc.) for various pieces of 
information. This simply does not rise to the level of specificity of applicant's claim language 
wherein "a heuristic scan of the certain electronic file" is conducted to determine "whether the 
certain electronic file represents the potential risk." 

With respect to dependent Claim 15 et al., the Examiner has relied on Maloney's 
disclosure of utilization of a PC in implementing the information security analysis system (Col. 
5, lines 59-61) to make a prior art showing of applicant's claimed "receiving occurring at a 
desktop computer of the intended recipient." Applicant respectfully asserts that Maloney's 
general utilization of a PC does not rise to the level of specificity of applicant's claim language. 

With respect to dependent Claim 16 et al., the Examiner has relied on Maloney's mention 
of an HTTP-Server (Col. 4, line 36 and Figure 6) to make a prior art showing of applicant's 
claimed "receiving occurring at a server computer." It seems the Examiner has failed to take 
Maloney's mention of an HTTP-Server in context. Applicant notes that, in the proper context of 
Maloney's invention, data about HTTP-Servers is collected and becomes part of the 
knowledgebase. Therefore, there is no "receiving [of an electronic file] occurring at a server 
computer," as claimed by applicant. 

With respect to dependent Claims 18 and 19, the Examiner has relied on the following 
excerpts from Maloney to make a prior art showing of applicant's claimed "converting at a 
desktop computer of the intended recipient" (Claim 18) and "converting occurring at a server 
computer" (Claim 19). 

"The hardware platforms consist of several different types of 
interconnected computers..." (Col. 2, lines 24-25) 

"...Pentium-based PC..." (Col. 5, line 60) 

"An internal packet processing engine 36 decodes data packets and 
converts the raw data to information elements that are accessible to 
all the tools in a tool suite 34." (Col. 7, lines 30-33) 

Applicant respectfully points out that the above excerpts from Maloney merely mention a 
Pentium based PC and interconnected computers, and that when taken in context, as described 
above with regard to Claim 16, do not disclose "converting [the electronic file] at a desktop 
computer of the intended recipient" nor "converting [the electronic file] at a server computer" as 
claimed by applicant. Further, there is simply no suggestion in Maloney of converting an 
electronic file format at a desktop computer or server. 



With respect to dependent Claim 21, the Examiner relies on the following excerpts from 
Maloney to make a prior art showing of applicant's claimed "receiving a second electronic file 
intended for delivery from another sender to another intended recipient, the second electronic file 
having a third file format and containing another computer virus; converting the second 
electronic file to a fourth file format that is different from the third file format and that prevents 
the another computer virus from executing when the converted second electronic file is opened 
by the another intended recipient; and making the converted second electronic file available for 
viewing by the another intended recipient." 

"A second analytical engine from the Department of Defense..." (Col. 4, 
line 39) 

"The addition of a third vector permits the simultaneous viewing of 
large complex diagrams on interconnected planes in accordance with user 
instructions from the input device 94. The display of FIG. 5 permits an 
analyst to rotate the diagram on any axis thereby viewing relationships 
that otherwise become obscure viewed on two-dimensional planes." (Col. 
11, lines 36-41) 

"In this example the analysis system 10 as running on the terminal 70 
monitors the level of intranet traffic and records packets of data from 
each of the terminals of the various nodes. For a terminal under 
attack, such as terminal 64a, the analysis system establishes a target 
source packet structure and by means of the analytical engine 20 of the 
present invention could be modified to shut down a target under 
attack." (Col. 12, lines 16-24) 

Applicant respectfully asserts that Maloney's teachings of "a second analytical engine," 
"simultaneous viewing of large complex diagrams" and "monitor[ing] the level of intranet 
traffic. . .from each of the terminals of the various nodes" fail to meet applicant's claim 
limitations. Specifically, neither the above excerpts nor the rest of the Maloney reference 
disclose "receiving a second electronic file intended for delivery from another sender to another 
intended recipient. . . containing another computer virus. . . converting the second electronic file. . . 
that prevents the another computer virus from executing. . ." (emphasis added), as claimed by 
applicant. 

With respect to dependent Claim 23, the Examiner has relied on the following excerpt 
from Maloney to make a prior art showing of applicant's claimed "second file format being at 
least one of a TXT file format, a RTF file format without embedded objects, a BMP file format, 
a JPEG file format, a CSV file format, a JPB file format, a GIF file format, a HTML file format 
without scripts, and a ASCII file format." 

"...parsing and formatting of data from HTML flat files that are then 
imported to a database or to the analytical engines." (Col. 10, lines 
24-25) 

Applicant respectfully points out that the above excerpt from Maloney does not teach a 
second file format (wherein the electronic file was converted from a first file format to a second 
file format in the context of Claim 1), let alone a second file format that includes one of the 
formats enumerated above in claim 23. Maloney simply teaches formatting data from HTML 
and importing the data into a database, and thus fails to meet applicant's claim limitations. 

With respect to dependent Claims 24 and 26, the Examiner has relied on the same excerpt 
as with Claim 23 in rejecting applicant's claimed "second file format being the HTML file 
format without scripts" (see Claim 24) and "second file format being the TXT file format" (see 
Claim 26). Again, applicant respectfully asserts that Maloney teaches formatting data from 
HTML to a database, whereas applicant claims the second file format (formatted from a first file 
format in the context of Claim 1) being a HTML file format without scripts (Claim 24) and a 
TXT file format (Claim 26). 

With respect to dependent Claim 28, the Examiner has relied on the same excerpt as with 
Claim 23 in rejecting applicant's claimed "certain electronic file being at least one of a word 
processing file, a spreadsheet file, a database file, a graphics file, a presentation file, a 
compressed file, and a binary executable file." 



PAGE 18«4 • RCVD AT 7/13/2005 6:37:57 PM [Eastern Daylight Time] • SVR:USPTO-EFXRF-1/4 • ON1S:8729308 • CSID:408 071 4660 * DURATION (mm«s):08^ 




Again applicant respectfully asserts that Maloney teaches formatting data from HTML to 
a database, whereas applicant claims "the certain electronic file being at least one of a word 
processing file, a spreadsheet file, a database file, a graphics file, a presentation file, a 
compressed file, and a binary executable file," none of which are HTML files. The excerpt from 
Maloney even fails to make any mention of an electronic file, as claimed by applicant in the 
context of Claim 1. 

With respect to dependent Claim 29 et al., the Examiner yet again has relied on the same 
excerpt as with Claim 23 in rejecting applicant's claimed "determining if the first file format is 
one of a word processing file format type and a graphics file format type, the second file format 
being at least one of a TXT file format, a RTF file format without embedded objects, and a 
HTML file format without scripts if it is determined that the certain file format is the word 
processing file format type, the second file format being at least one of a JPB file format, a BMP 
file format, a GIF file format, a HTML file format without scripts, and a JPEG file format if it is 
determined that the first file format is the graphics file format type." 

Yet again, applicant respectfully asserts that the excerpt in Maloney relied on by the 
Examiner teaches formatting data from HTML to a database, whereas applicant claims 
converting the electronic file to a specific second file format based on a specific first file format, as 
excerpted above. 

Again, notice of allowance or a specific prior art showing of all of applicant's claim 
limitations, in combination with the remaining claim elements, is respectfully requested. 

In the event a telephone conversation would expedite the prosecution of this application, 
the Examiner may reach the undersigned at (408) 505-5100. The Commissioner is authorized to 
charge any additional fees or credit any overpayment to Deposit Account No. 50-1351 (Order 
No. NAI1P091/01.049.01). 



Respectfully submitted, 
Zilka-Kotab, PC. 



P.O. Box 721120 

San Jose, CA 95172-1120 

408-505-5100 